Credit card security has no silver bullet

The rollout of chip-embedded credit cards, while slow, is eventually expected to cut fraudulent in-person transactions.

The fight to curb credit card cybercrime might seem a bit like trying to force the air out of a sealed balloon: Squeeze it in one place, and it simply bulges out in another.

That is the image suggested by multiple predictions that, as the shift to EMV (Europay, MasterCard, Visa) technology makes in-person, point-of-sale (POS) transactions more secure, criminals are shifting the bulk of their attacks to online, or card-not-present (CNP) transactions.

Indeed, Javelin Strategy & Research predicted more than a year ago that CNP fraud will be four times that of POS fraud by 2018.

Alphonse Pascual, senior vice president, research director and head of fraud and security at Javelin, said the company will update its forecast this year, “but we expect the general trend to remain unchanged.”

If PINs were the solution for what ailed the market we would have switched from signatures long ago.

Alphonse Pascual, senior vice president, research director and head of fraud and security at Javelin Strategy & Research

And if that were the whole story, it could raise questions about the EMV transition – estimated to cost about $35 billion. If a reduction in one type of fraud is simply offset by a similar or greater increase in another type, what is the point?

According to Javelin, it is not the whole story. The company immediately followed its prediction with the assertion that the spike in CNP fraud is not being caused by EMV but is simply because CNP transactions are growing so fast.

It is, “due to an increase in transaction e-commerce volume and has little to do with a change in criminal behavior post-EMV,” the company said.

Other experts agree that e-commerce is rapidly expanding, prompting criminals to focus on it because, as bank robber Willie Sutton famously said, “that’s where the money is.”

E-commerce is, “growing at breakneck speed with various types of payment apps and technologies continually entering into the fold,” said Jeremy Gumbley, CTO and CSO of Creditcall.

(E-commerce) is growing at breakneck speed with various types of payment apps and technologies continually entering into the fold.

Jeremy Gumbley, CTO and CSO, Creditcall

But he believes it is impossible to predict the level of either type of fraud several years out. “We don’t have a firm sense of what POS fraud is going to look like in a couple of years,” so any prediction would amount to, “an arbitrary number,” he said.

If the experience in the UK with the rollout of EMV, which began more than a decade ago, is any guide, POS fraud will decline in the U.S. Carson Sweet, chief strategy officer at Cloud Passage, cites statistics gathered between 2004 and 2014, which show that card-present fraud declined while CNP fraud steadily increased.